Question 1

How to configure LSMS to send email alerts?

Accepted Answer

You need to set up the email notification settings in the shared configuration file scripts/config/config.py and ensure your system can send mail. Each script can override these settings in its individual config file, but without proper setup, it defaults to console output only.

Question 2

Can LSMS detect rootkits or advanced malware?

Accepted Answer

LSMS includes scripts like search_hidden_exe.py for hidden ELF files and search_memfd_create.py for fileless programs, which can indicate compromise. However, it's not a dedicated rootkit detector and may miss sophisticated threats requiring specialized tools like rkhunter.

Question 3

LSMS vs AIDE: which is better for file integrity monitoring?

Accepted Answer

LSMS offers monitor_ scripts for specific files like cron or passwd, while AIDE is a dedicated file integrity tool with database-driven checks. LSMS is more modular and lightweight for targeted monitoring, but AIDE provides broader file coverage and hashing algorithms for comprehensive integrity checks.

Question 4

How to schedule LSMS scripts to run automatically?

Accepted Answer

You must set up a cron job as the root user to execute start_search.py --monitoring, as described in the usage. For example, add a line like '0 * * * * root /opt/LSMS/start_search.py --monitoring' to /etc/crontab for hourly runs, but this requires manual configuration and ongoing maintenance.

Question 5

Does LSMS work on non-Debian Linux distributions?

Accepted Answer

Most scripts are distribution-agnostic, relying on standard Linux commands and files, but some like verify_deb_packages.py are specific to Debian-based systems. Check script headers for dependencies, as they may need adjustments for other distros like RHEL or Arch.

Question 6

How to integrate LSMS with AlertR for real-time notifications?

Accepted Answer

First, install and configure AlertR separately from its GitHub repository. Then, update the AlertR settings in scripts/config/config.py to point to your AlertR instance. Without this, scripts will fall back to console or email output, limiting real-time capabilities.

Linux Security and Monitoring Scripts

What is Linux Security and Monitoring Scripts?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions